Netgate Discussion Forum

    Comcast IPV6 with local DHCPV6 server???

    2.1 Snapshot Feedback and Problems - RETIRED
    • jcyr

      Comcast has deployed IPV6 in my area, and using PfSense with the 'Track Interface' LAN IPV6 configuration type everything works fine. Problem is that I need better control of assigned IPV6 addresses to my clients so that I can implement fine grained/per client group traffic limiters.

      I am able to assign a local static IPV6 address to the LAN interface, then configure the local DHCPV6 server to assign static IPV6 addresses to my clients, but after doing so, I lose IPV6 connectivity to the WAN. IPV6 DNS resolution works fine, but nothing else!

      Pinging ipv6.l.google.com [2607:f8b0:4002:802::1012] with 32 bytes of data:
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.

      Ping statistics for 2607:f8b1:4001::1:
          Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

      Is there any way to get PfSense to do something similar to IPV4 NAT in order to bridge the internal IPV6 subnet to the WAN side IP address? I realize this defeats the whole purpose of IPV6, but I need some way to get each client on a predictable IPV6 address (at least the part of the address within the subnet).

      IPV6 Test: http://ipv6-test.com

      • phil.davis

        That is not going to work in principle, because the static IPv6 subnet that you make is not likely to match the subnet/s delegated from your ISP from time to time. The DNS would work because the DNS requests go to pfSense, and it uses its real WAN IPv6 to do the name resolution and then gives back the answers.
        So, how is this supposed to work in principle? I would have thought:
        a) IPv6 DHCP (or whatever) on WAN - a prefix (/48 /56 /60 or /64 or whatever) is delegated from the ISP
        b) LAN is set to track interface WAN - the LAN now has 1 of the /64 subnets delegated (e.g. by default the 1st one)
        c) Use DHCPv6 Server to specify just the host part of the IPv6 address (the network part, 1st 64 bits, comes from the ISP and can change from time to time) - e.g. make your server ::1, a printer ::2, general DHCP range :1:0:0 to 1:ff:ff - whatever you want.
        d) In rules, specify the source address as "tracked network"::1 to match the server. (The actual public IPv6 address of the server changes every time the delegated prefix changes)

        In practice, steps (c) and (d) can't be done on the GUI. Or can they? Or is there some completely different way it should be done so that pfSense can put together a static-mapped IPv6 address for LAN clients and use it in firewall rules...?

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

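The addressing scheme outlined in steps (a) to (d) above, worked through as an added Python example that is not part of the thread and is not pfSense code: it derives the tracked LAN /64 from a delegated prefix, joins it with fixed host parts, and shows that rule and limiter addresses must be rebuilt when the delegation changes. All function names are hypothetical, and the prefixes are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress

def tracked_subnet(delegated, prefix_id=0):
    """Step (b): the /64 a tracking LAN takes from the delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("delegation is longer than /64")
    count = 1 << (64 - net.prefixlen)  # number of /64s in the delegation
    if not 0 <= prefix_id < count:
        raise ValueError(f"prefix id must be in 0..{count - 1}")
    base = int(net.network_address) + (prefix_id << 64)
    return ipaddress.IPv6Network((base, 64))

def host_address(lan, suffix):
    """Step (c): join the variable network part with a fixed host part."""
    host = int(ipaddress.IPv6Address(suffix))
    if host >> 64:
        raise ValueError("host part must fit in the low 64 bits")
    return ipaddress.IPv6Address(int(lan.network_address) | host)

def rebuild_table(delegated, suffixes, prefix_id=0):
    """Step (d): addresses that rules or limiters must match for this prefix."""
    lan = tracked_subnet(delegated, prefix_id)
    return {name: str(host_address(lan, s)) for name, s in suffixes.items()}

def in_delegation(address, delegated):
    """True if an address lies inside the prefix the ISP currently routes."""
    return ipaddress.IPv6Address(address) in ipaddress.IPv6Network(delegated)

if __name__ == "__main__":
    # Constructed sample data: host parts as in the post (server ::1, printer ::2).
    suffixes = {"server": "::1", "printer": "::2"}
    old_pd = "2001:db8:abcd:1200::/56"  # constructed delegation
    new_pd = "2001:db8:ffff:3400::/56"  # constructed delegation after renewal

    before = rebuild_table(old_pd, suffixes)
    after = rebuild_table(new_pd, suffixes)
    for name in suffixes:
        print(f"{name}: {before[name]} -> {after[name]}")

    # A rule pinned to the old address stops matching after the change.
    print("old server address still routed:", in_delegation(before["server"], new_pd))

    # A hand-picked LAN subnet (constructed ULA) is outside the delegation,
    # which is the mismatch the reply describes for the static setup.
    print("static fd00:1::10 routed:", in_delegation("fd00:1::10", new_pd))
```
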
        • jcyr

          C) Definitely can't be done via UI. It will not allow starting of DHCPV6 unless a static IPV6 is specified for the LAN interface.

          What I would need is some way to map a fixed /64 subnet to the variable /64 subnet assigned by Comcast… Don't think it's possible, unless I'm looking at this the wrong way?

          IPV6 Test: http://ipv6-test.com

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.